Security Issues, Attacks and Countermeasures in Layered IoT Ecosystem

##plugins.themes.academic_pro.article.sidebar##

Published Mar 31, 2023
https://doi.org/10.47164/ijngc.v14i2.892
Download
Requires Subscription pdf
Statistic

Downloads

Download data is not yet available.

Metrics

Metrics Loading ...
Volume 14, Issue 2, March 2023

##plugins.themes.academic_pro.article.main##

Ajeet Singh
School of Computer & Information Sciences (SCIS), University of Hyderabad
N D Patel
School of Computer & Information Sciences (SCIS), University of Hyderabad, India

Abstract

Internet of Things (IoT) applications consist mainly of a group of small devices with sensing and/ or actuation
capabilities, working collaboratively to provide a specific functionality. IoT applications are becoming vital part of
our daily lives in various areas such as home automation, industrial automation, energy sector, healthcare sector
and smart transportation. Security is a term that is used to encompass the notions such as integrity, confidentiality,
and privacy. A more prominent understanding of the Internet of Things (IoT) is that – it transmits data over the
global internet and gives many services in many domains. It facilitates the machines and gadgets to communicate
with each other. IoT appliances have been facing several issues, therefore we identify variety of service domains
and their vulnerabilities. The main focus is on protecting the security and privacy. This paper presents an
overview of IoT models, applications in different domains, vulnerabilities, security privacy goals, possible attacks,
and their corresponding countermeasures. The objective of this paper is also to provide a survey on categorized
layer-wise attacks and countermeasures in detail. In the object layer, connectivity link Layer, several attacks
are discussed based on RFID, NFC, ZigBee, Bluetooth, and Wi-Fi protocols. In the Transport Network layer,
we have classified variety of attacks based on RPL, 6loWPAN, TCP/UDP, and IPv4/IPv6. Similarly, In the
Session Communication, Data Aggregation Storage, Business Model, and Application layers, we have discovered
considerable number of attacks for each layer.

##plugins.themes.academic_pro.article.details##

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite
Ajeet Singh, & N D Patel. (2023). Security Issues, Attacks and Countermeasures in Layered IoT Ecosystem. International Journal of Next-Generation Computing, 14(2). https://doi.org/10.47164/ijngc.v14i2.892
Crossref
Scopus
Google Scholar
Europe PMC

References

  1. https://www.sans.org/reading-room/whitepapers/detection/paper/33904.
  2. https://tanguy.ortolo.eu/blog/article69/xmpploit-explained.
  3. Abad, C. L. and Bonilla, R. I. 2007. An analysis on the schemes for detecting and preventing arp cache poisoning attacks. In 27th International Conference on Distributed Computing Systems Workshops (ICDCSW’07). IEEE, 60–60. DOI: https://doi.org/10.1109/ICDCSW.2007.19
  4. Abare, G. and Garba, E. 2019. A proposed model for enhanced security against key reinstal- lation attack on wireless networks. International Journal of Scientific Research in Network Security and Communication 7, 3, 21–27.
  5. AbdAllah, E. G., Hassanein, H. S., and Zulkernine, M. 2015. A survey of security attacks in information-centric networking. IEEE Communications Surveys & Tutorials 17, 3, 1441– 1454. DOI: https://doi.org/10.1109/COMST.2015.2392629
  6. Ahmad, M. S. 2010. Wpa too! DEF CON 18.
  7. Alqahtani, A. H. and Iftikhar, M. 2013. Tcp/ip attacks, defenses and security tools. In- ternational Journal of Science and Modern Engineering (IJISME) 1, 10.
  8. Arafat, M. Y., Alam, M. M., and Alam, M. F. 2015. A practical approach and mitiga- tion techniques on application layer ddos attack in web server. International Journal of Computer Applications 975, 8887.
  9. Asadian, H. and Javadi, H. H. S. 2018. Identification of sybil attacks on social networks using a framework based on user interactions. Security and Privacy 1, 2, e19. DOI: https://doi.org/10.1002/spy2.19
  10. Asim, M. and Iqbal, W. 2016. Iot operating systems and security challenges. International Journal of Computer Science and Information Security 14, 7, 314.
  11. Atzori, L., Iera, A., and Morabito, G. 2010. The internet of things: A survey. Computer networks 54, 15, 2787–2805. DOI: https://doi.org/10.1016/j.comnet.2010.05.010
  12. Babik, M., Prelz, F., Froy, T., Grigoras, C., Chudoba, J., Finnern, T., Idiculla, T., Dewhurst, A., Kelsey, D., Ohrenberg, K., et al. 2017. Iop: Ipv6 security. In J. Phys.: Conf. Ser. Vol. 898. 102008. DOI: https://doi.org/10.1088/1742-6596/898/10/102008
  13. Banday, M. T. 2019. Security in context of the internet of things: A study. In Cryptographic Security Solutions for the Internet of Things. IGI Global, 1–40. DOI: https://doi.org/10.4018/978-1-5225-5742-5.ch001
  14. Becker, A. and Paar, I. C. 2007. Bluetooth security & hacks. Ruhr-Universit¨at Bochum.
  15. Bella¨ıche, M. and Gre´goire, J.-C. 2012. Syn flooding attack detection by tcp handshake anomalies. Security and Communication Networks 5, 7, 709–724. DOI: https://doi.org/10.1002/sec.365
  16. Benzidane, K., Khoudali, S., Fetjah, L., Andaloussi, S. J., and Sekkaki, A. 2019. Application-based authentication on an inter-vm traffic in a cloud environment. Interna- tional Journal of Communication Networks and Information Security 11, 1, 148–166. DOI: https://doi.org/10.17762/ijcnis.v11i1.3841
  17. Bijalwan, A., Wazid, M., Pilli, E. S., and Joshi, R. C. 2015. Forensics of random-udp flooding attacks. Journal of Networks 10, 5, 287. DOI: https://doi.org/10.4304/jnw.10.5.287-293
  18. Bittau, A., Handley, M., and Lackey, J. 2006. The final nail in wep’s coffin. In 2006 IEEE Symposium on Security and Privacy (S&P’06). IEEE, 15–pp. DOI: https://doi.org/10.1109/SP.2006.40
  19. Brahanyaa, S. and Anbarasi, L. J. 2018. Classification of snmp network dataset for ddos attack prevention. In 2018 IEEE International Conference on Computational Intelligence and Computing Research (ICCIC). IEEE, 1–5. DOI: https://doi.org/10.1109/ICCIC.2018.8782319
  20. Caneill, M. and Gilis, J.-L. 2010. Attacks against the wifi protocols wep and wpa. Journal, no. December .
  21. Chang, C.-C. and Nguyen, N.-T. 2016. An untraceable biometric-based multi-server authen- ticated key agreement protocol with revocation. Wireless Personal Communications 90, 4, 1695–1715. DOI: https://doi.org/10.1007/s11277-016-3418-2
  22. Chattha, N. A. 2014. Nfc—vulnerabilities and defense. In 2014 Conference on Information Assurance and Cyber Security (CIACS). IEEE, 35–38. DOI: https://doi.org/10.1109/CIACS.2014.6861328
  23. Chen, J., Diao, W., Zhao, Q., Zuo, C., Lin, Z., Wang, X., Lau, W. C., Sun, M., Yang, R., and Zhang, K. 2018. Iotfuzzer: Discovering memory corruptions in iot through app- based fuzzing. In NDSS. DOI: https://doi.org/10.14722/ndss.2018.23159
  24. Choi, M.-K., Robles, R. J., Hong, C.-h., and Kim, T.-h. 2008. Wireless network security: Vulnerabilities, threats and countermeasures. International Journal of Multimedia and Ubiquitous Engineering 3, 3, 77–86.
  25. Chou, T.-S. 2013. Security threats on cloud computing vulnerabilities. International Journal of Computer Science & Information Technology 5, 3, 79. DOI: https://doi.org/10.5121/ijcsit.2013.5306
  26. Christodorescu, M., Jha, S., Seshia, S. A., Song, D., and Bryant, R. E. 2005. Semantics- aware malware detection. In 2005 IEEE Symposium on Security and Privacy (S&P’05). IEEE, 32–46. DOI: https://doi.org/10.1109/SP.2005.20
  27. Collantes, M. I. M., El Massad, M., and Garg, S. 2016. Threshold-dependent camouflaged cells to secure circuits against reverse engineering attacks. In 2016 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). IEEE, 443–448.
  28. Das, R., Menon, V., and Morris, T. H. 2018. On the edge realtime intrusion prevention system for dos attack. In 5th International Symposium for ICS & SCADA Cyber Security Research 2018 5. 84–91. DOI: https://doi.org/10.14236/ewic/ICS2018.10
  29. De Vivo, M., Carrasco, E., Isern, G., and de Vivo, G. O. 1999. A review of port scanning techniques. ACM SIGCOMM Computer Communication Review 29, 2, 41–48. DOI: https://doi.org/10.1145/505733.505737
  30. Deka, R. K., Bhattacharyya, D. K., and Kalita, J. K. 2019. Granger causality in tcp flooding attack. IJ Network Security 21, 1, 30–39.
  31. Deogirikar, J. and Vidhate, A. 2017. Security attacks in iot: A survey. In 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud)(I-SMAC). IEEE, 32– 37. DOI: https://doi.org/10.1109/I-SMAC.2017.8058363
  32. Fan, X., Susan, F., Long, W., and Li, S. 2017. Security analysis of zigbee.
  33. Farha, F. and Chen, H. 2018. Mitigating replay attacks with zigbee solutions. Network Security 2018, 1, 13–19. DOI: https://doi.org/10.1016/S1353-4858(18)30008-4
  34. Farooq, M. U., Waseem, M., Khairi, A., and Mazhar, S. 2015. A critical analysis on the security concerns of internet of things (iot). International Journal of Computer Applica- tions 111, 7. DOI: https://doi.org/10.5120/19547-1280
  35. Ferna´ndez-Carame´s, T., Fraga-Lamas, P., Sua´rez-Albela, M., and Castedo, L. 2017. Reverse engineering and security evaluation of commercial tags for rfid-based iot applica- tions. Sensors 17, 1, 28. DOI: https://doi.org/10.3390/s17010028
  36. Francis, L., Hancke, G., Mayes, K., and Markantonakis, K. 2010. Practical nfc peer- to-peer relay attack using mobile phones. In International Workshop on Radio Frequency Identification: Security and Privacy Issues. Springer, 35–49. DOI: https://doi.org/10.1007/978-3-642-16822-2_4
  37. Fu, X., Gao, Y., Luo, B., Du, X., and Guizani, M. 2017. Security threats to hadoop: Data leakage attacks and investigation. IEEE Network 31, 2, 67–71. DOI: https://doi.org/10.1109/MNET.2017.1500095NM
  38. Gavrichenkov, A. 2015. Breaking https with bgp hijacking. Black Hat. Briefings.
  39. Ge, Q., Yarom, Y., Cock, D., and Heiser, G. 2018. A survey of microarchitectural tim- ing attacks and countermeasures on contemporary hardware. Journal of Cryptographic Engineering 8, 1, 1–27. DOI: https://doi.org/10.1007/s13389-016-0141-6
  40. Genova, P., Engler, M., Grigorov, S., Jurova, M., Kadrev, B., Schmid, M., Trendafilov, T., Yordanov, D., and Zarembo, I. 2013. Cross-site request forgery protection. US Patent App. 13/325,111.
  41. Green, J. 2014. The internet of things reference model. In Internet of Things World Forum.
  42. –12.
  43. Gupta, N., Jain, A., Saini, P., and Gupta, V. 2016. Ddos attack algorithm using icmp flood. In 2016 3rd International Conference on Computing for Sustainable Global Development (INDIACom). IEEE, 4082–4084.
  44. Hameed, S., Jamali, U. M., and Samad, A. 2016. Protecting nfc data exchange against eavesdropping with encryption record type definition. In NOMS 2016-2016 IEEE/IFIP Network Operations and Management Symposium. IEEE, 577–583. DOI: https://doi.org/10.1109/NOMS.2016.7502861
  45. Hernandez, G., Arias, O., Buentello, D., and Jin, Y. 2014. Smart nest thermostat: A smart spy in your home. Black Hat USA, 1–8.
  46. Holmes, D. 2013. Mitigating ddos attacks with f5 technology. F5 Networks, Inc, 2099–2104.
  47. Hongach Jr, W. J. 2018. Mitigating security flaws in the tcp/ip protocol suite. Ph.D. thesis, Utica College.
  48. Hossain, M. S., Paul, A., Islam, M. H., and Atiquzzaman, M. 2018. Survey of the protection mechanisms to the ssl-based session hijacking attacks. Network Protocols & Algorithms 10, 1, 83–108. DOI: https://doi.org/10.5296/npa.v10i1.12478
  49. Hu, Q., Du, B., Markantonakis, K., and Hancke, G. P. 2019. A session hijacking attack against a device-assisted physical layer key agreement. IEEE Transactions on Industrial Informatics. DOI: https://doi.org/10.1109/TII.2019.2923662
  50. Hu, Q. and Hancke, G. P. 2017. A session hijacking attack on physical layer key generation DOI: https://doi.org/10.1109/ICIT.2017.7915573
  51. agreement. In 2017 IEEE International Conference on Industrial Technology (ICIT). IEEE, 1418–1423.
  52. Huang, L., Gao, C., Zhou, Y., Zou, C., Xie, C., Yuille, A., and Liu, N. 2019. Upc: Learning universal physical camouflage attacks on object detectors. arXiv preprint arXiv:1909.04326 . DOI: https://doi.org/10.1109/CVPR42600.2020.00080
  53. Hummen, R., Hiller, J., Wirtz, H., Henze, M., Shafagh, H., and Wehrle, K. 2013. 6lowpan fragmentation attacks and mitigation mechanisms. In Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks. ACM, 55–66. DOI: https://doi.org/10.1145/2462096.2462107
  54. Karpin´ski, M., Korchenko, A., Vikulov, P., Kochan, R., Balyk, A., and Kozak, R. 2017. The etalon models of linguistic variables for sniffing-attack detection. In 2017 9th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS). Vol. 1. IEEE, 258–264. DOI: https://doi.org/10.1109/IDAACS.2017.8095087
  55. Kaushal, K. and Sahni, V. 2016. Early detection of ddos attack in wsn. International Journal of Computer Applications 134, 13, 0975–8887. DOI: https://doi.org/10.5120/ijca2016908117
  56. Kizza, J. M. 2017. Mobile systems and their intractable social, ethical and security issues. In DOI: https://doi.org/10.1007/978-3-319-70712-9_16
  57. Ethical and Social Issues in the Information Age. Springer, 321–338.
  58. Kodada, B. B., Prasad, G., and Pais, A. R. 2012. Protection against ddos and data modifica- tion attack in computational grid cluster environment. International Journal of Computer Network and Information Security 4, 7, 12. DOI: https://doi.org/10.5815/ijcnis.2012.07.02
  59. Korhonen, N.-P. 2017. Nfc payment & security threats.
  60. Kulkarni, G., Shelke, R., Sutar, R., and Mohite, S. 2014. Rfid security issues & chal- lenges. In 2014 International Conference on Electronics and Communication Systems (ICECS). IEEE, 1–4.
  61. Lehtonen, M., Ostojic, D., Ilic, A., and Michahelles, F. 2009. Securing rfid systems by detecting tag cloning. In International Conference on Pervasive Computing. Springer, 291–308. DOI: https://doi.org/10.1007/978-3-642-01516-8_20
  62. Lin, C.-H., Liu, J.-C., Huang, S.-Y., Lee, C.-Y., and Chen, C.-R. 2010. A detection scheme for flooding attack on application layer based on semantic concept. In 2010 International Computer Symposium (ICS2010). IEEE, 385–389. DOI: https://doi.org/10.1109/COMPSYM.2010.5685483
  63. Lonzetta, A., Cope, P., Campbell, J., Mohd, B., and Hayajneh, T. 2018. Security vulnerabilities in bluetooth technology as used in iot. Journal of Sensor and Actuator Networks 7, 3, 28. DOI: https://doi.org/10.3390/jsan7030028
  64. Mashal, I., Alsaryrah, O., Chung, T.-Y., Yang, C.-Z., Kuo, W.-H., and Agrawal,
  65. D. P. 2015. Choices for interaction with things on internet and underlying issues. Ad Hoc Networks 28, 68–90. DOI: https://doi.org/10.1016/j.adhoc.2014.12.006
  66. Mateen, A. and Waheed, A. 2016. The role of virtualization techniques to overcome the challenges in cloud computing. International Journal of Computer Applications 143, 9, 7–11. DOI: https://doi.org/10.5120/ijca2016910335
  67. Mayzaud, A., Badonnel, R., and Chrisment, I. 2016. A taxonomy of attacks in rpl-based internet of things.
  68. McGuire, M., Ogras, U., and Ozev, S. 2019. Pcb hardware trojans: Attack modes and detection strategies. In 2019 IEEE 37th VLSI Test Symposium (VTS). IEEE, 1–6. DOI: https://doi.org/10.1109/VTS.2019.8758643
  69. Meena, S., Daniel, E., and Vasanthi, N. 2013. Survey on various data integrity attacks in cloud environment and the solutions. In 2013 International Conference on Circuits, Power and Computing Technologies (ICCPCT). IEEE, 1076–1081. DOI: https://doi.org/10.1109/ICCPCT.2013.6528889
  70. Merget, R., Somorovsky, J., Aviram, N., Young, C., Fliegenschmidt, J., Schwenk, J., and Shavitt, Y. 2019. Scalable scanning and automatic classification of TLS padding oracle vulnerabilities. In 28th USENIX Security Symposium ( USENIX Security 19). 1029–1046.
  71. Miller, C. 2012. Exploring the nfc attack surface. Proceedings of Blackhat .
  72. Minar, N. B.-N. I. and Tarique, M. 2012. Bluetooth security threats and solutions: a survey.
  73. International Journal of Distributed and Parallel Systems 3, 1, 127.
  74. Mishra, B. K. and Keshri, N. 2013. Mathematical model on the transmission of worms in wireless sensor network. Applied Mathematical Modelling 37, 6, 4103–4111. DOI: https://doi.org/10.1016/j.apm.2012.09.025
  75. Modi, C., Patel, D., Borisaniya, B., Patel, A., and Rajarajan, M. 2013. A survey on security issues and solutions at different layers of cloud computing. The journal of supercomputing 63, 2, 561–592. DOI: https://doi.org/10.1007/s11227-012-0831-5
  76. Mosenia, A. and Jha, N. K. 2016. A comprehensive study of security of internet-of-things.
  77. IEEE Transactions on Emerging Topics in Computing 5, 4, 586–602.
  78. Nakhila, O., Attiah, A., Jin, Y., and Zou, C. 2015. Parallel active dictionary attack on wpa2-psk wi-fi networks. In MILCOM 2015-2015 IEEE Military Communications Confer- ence. IEEE, 665–670. DOI: https://doi.org/10.1109/MILCOM.2015.7357520
  79. Ndibwile, J. D., Govardhan, A., Okada, K., and Kadobayashi, Y. 2015. Web server protection against application layer ddos attacks using machine learning and traffic au- thentication. In 2015 IEEE 39th Annual Computer Software and Applications Conference. Vol. 3. IEEE, 261–267. DOI: https://doi.org/10.1109/COMPSAC.2015.240
  80. Nenvani, G. and Gupta, H. 2016. A survey on attack detection on cloud using supervised learn- ing techniques. In 2016 Symposium on Colossal Data Analysis and Networking (CDAN). IEEE, 1–5. DOI: https://doi.org/10.1109/CDAN.2016.7570872
  81. Oliveira, L. M. L., Rodrigues, J. J., de Sousa, A. F., and Denisov, V. M. 2016. Network admission control solution for 6lowpan networks based on symmetric key mechanisms. IEEE transactions on industrial informatics 12, 6, 2186–2195. DOI: https://doi.org/10.1109/TII.2016.2601562
  82. Otgonbaatar, U. 2015. Evaluating modern defenses against control flow hijacking. Tech. rep., MIT Lincoln Laboratory Lexington United States.
  83. Padgette, J., Scarfone, K., and Chen, L. 2012. Guide to bluetooth security: Recommen- dations of the national institute of standards and technology (special publication 800-121 revision 1). DOI: https://doi.org/10.6028/NIST.SP.800-121r1
  84. Pal, S., Sikdar, B., and Chow, J. H. 2017. Classification and detection of pmu data manipu- lation attacks using transmission line parameters. IEEE Transactions on Smart Grid 9, 5, 5057–5066. DOI: https://doi.org/10.1109/TSG.2017.2679122
  85. Papp, D., Ma, Z., and Buttyan, L. 2015. Embedded systems security: Threats, vulnerabili- ties, and attack taxonomy. In 2015 13th Annual Conference on Privacy, Security and Trust (PST). IEEE, 145–152. DOI: https://doi.org/10.1109/PST.2015.7232966
  86. Parkkinen, J. and Hyvarinen, M. A. 2014. Restricting and preventing pairing attempts from virus attack and malicious software. US Patent 8,787,899.
  87. Patel, N., Mehtre, B., and Wankar, R. 2021. Things-to-cloud (t2c): A protocol-based nine-layered architecture. In Inventive Communication and Computational Technologies. Springer, 789–805. DOI: https://doi.org/10.1007/978-981-15-7345-3_68
  88. Patton, M., Gross, E., Chinn, R., Forbis, S., Walker, L., and Chen, H. 2014. Uninvited connections: a study of vulnerable devices on the internet of things (iot). In 2014 IEEE Joint Intelligence and Security Informatics Conference. IEEE, 232–235. DOI: https://doi.org/10.1109/JISIC.2014.43
  89. Pongle, P. and Chavan, G. 2015. A survey: Attacks on rpl and 6lowpan in iot. In 2015 International conference on pervasive computing (ICPC). IEEE, 1–6. DOI: https://doi.org/10.1109/PERVASIVE.2015.7087034
  90. Qadeer, M. A., Iqbal, A., Zahid, M., and Siddiqui, M. R. 2010. Network traffic analysis and intrusion detection using packet sniffer. In 2010 Second International Conference on Communication Software and Networks. IEEE, 313–317. DOI: https://doi.org/10.1109/ICCSN.2010.104
  91. Rathi, N., Ghosh, S., Iyengar, A., and Naeimi, H. 2016. Data privacy in non-volatile cache: Challenges, attack models and solutions. In 2016 21st Asia and South Pacific Design Automation Conference (ASP-DAC). IEEE, 348–353. DOI: https://doi.org/10.1109/ASPDAC.2016.7428036
  92. Raza, S., Duquennoy, S., Chung, T., Yazar, D., Voigt, T., and Roedig, U. 2011. Se- curing communication in 6lowpan with compressed ipsec. In 2011 International Conference on Distributed Computing in Sensor Systems and Workshops (DCOSS). IEEE, 1–8. DOI: https://doi.org/10.1109/DCOSS.2011.5982177
  93. Rebecchi, F., Boite, J., Nardin, P.-A., Bouet, M., and Conan, V. 2019. Ddos protec- tion with stateful software-defined networking. International Journal of Network Manage- ment 29, 1, e2042. DOI: https://doi.org/10.1002/nem.2042
  94. Reddy, S. V., Ramani, K. S., Rijutha, K., Ali, S. M., and Reddy, C. P. 2010. Wireless hacking-a wifi hack by cracking wep. In 2010 2nd International Conference on Education Technology and Computer. Vol. 1. IEEE, V1–189.
  95. Rose, S. H. and Jayasree, T. Detection of jamming attacks in a cluster wsn using statistical approach.
  96. Saravanan, K., Vijayanand, L., and Negesh, R. 2012. A novel bluetooth man-in-the-middle attack based on ssp using oob association model. arXiv preprint arXiv:1203.4649 .
  97. Saxena, M., Shaw, R. N., and Verma, J. K. 2019. A novel hash-based mutual rfid tag authentication protocol. In Data and Communication Networks. Springer, 1–12. DOI: https://doi.org/10.1007/978-981-13-2254-9_1
  98. Sen, J. 2010. A survey on wireless sensor network security. arXiv preprint arXiv:1011.1529 .
  99. Sen, J. 2012. Security in wireless sensor networks. Wireless Sensor Networks: Current Status and Future Trends 407. DOI: https://doi.org/10.1201/b13092-21
  100. Shabani, F., Gharaee, H., and Ghaffari, F. 2018. An intelligent rfid-enabled authentication protocol in vanet. In 2018 9th International Symposium on Telecommunications (IST). IEEE, 587–591. DOI: https://doi.org/10.1109/ISTEL.2018.8661121
  101. Shakdhe, A., Agrawal, S., and Yang, B. 2019. Security vulnerabilities in consumer iot applications. In 2019 IEEE 5th Intl Conference on Big Data Security on Cloud (Big- DataSecurity), IEEE Intl Conference on High Performance and Smart Computing,(HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS). IEEE, 1–6. DOI: https://doi.org/10.1109/BigDataSecurity-HPSC-IDS.2019.00012
  102. Singh, B. 2017. Design of an intrusion detection system to detect the black hole attack using less energy consumption in wsn.
  103. Singh, V. P., Jain, S., and Singhai, J. 2010. Hello flood attack and its countermeasures in wireless sensor networks. International Journal of Computer Science Issues (IJCSI) 7, 3, 23.
  104. Stan, O., Bitton, R., Ezrets, M., Dadon, M., Inokuchi, M., Ohta, Y., Yamada, Y., Yagyu, T., Elovici, Y., and Shabtai, A. 2019. Extending attack graphs to repre- sent cyber-attacks in communication protocols and modern it networks. arXiv preprint arXiv:1906.09786 .
  105. Steele, J. 2019. Abating padding oracle attacks. US Patent 10,277,611.
  106. Stolbunov, A. 2009. Klein’s and ptw attacks on wep. NTNU, Department of Telematics.
  107. Swati, M. S. B. S. D. and Thakare, S. S. D. V. Study of security challenges in multilayered structure and various attacks on iot.
  108. Tian, C., Chen, C., Duan, Z., and Zhao, L. 2019. Differential testing of certificate valida- tion in ssl/tls implementations: An rfc-guided approach. ACM Transactions on Software Engineering and Methodology (TOSEM) 28, 4, 1–37. DOI: https://doi.org/10.1145/3355048
  109. Tsira, V. and Nandi, G. 2014. Bluetooth technology: Security issues and its prevention. Int.
  110. J. Comput. Appl. Technol 5, 1833–1837.
  111. Valenta, L., Adrian, D., Sanso, A., Cohney, S., Fried, J., Hastings, M., Halderman,
  112. J. A., and Heninger, N. 2017. Measuring small subgroup attacks against diffie-hellman. In NDSS.
  113. Varshney, G., Misra, M., and Atrey, P. K. 2016. A survey and classification of web phishing detection schemes. Security and Communication Networks 9, 18, 6266–6284. DOI: https://doi.org/10.1002/sec.1674
  114. Vidgren, N., Haataja, K., Patino-Andres, J. L., Ramirez-Sanchis, J. J., and Toiva- nen, P. 2013. Security threats in zigbee-enabled systems: vulnerability evaluation, practi- cal experiments, countermeasures, and lessons learned. In 2013 46th Hawaii International Conference on System Sciences. IEEE, 5132–5138. DOI: https://doi.org/10.1109/HICSS.2013.475
  115. Xiaocong, Q. and Jidong, Z. 2010. Study on the structure of “internet of things (iot)” business operation support platform. In 2010 IEEE 12th International Conference on Communication Technology. IEEE, 1068–1071.
  116. Xie, W., Jiang, Y., Tang, Y., Ding, N., and Gao, Y. 2017. Vulnerability detection in iot firmware: A survey. In 2017 IEEE 23rd International Conference on Parallel and Distributed Systems (ICPADS). IEEE, 769–772. DOI: https://doi.org/10.1109/ICPADS.2017.00104
  117. Yu, J., Kim, E., Kim, H., and Huh, J. 2016. A framework for detecting mac and ip spoofing attacks with network characteristics. In 2016 International Conference on Software Security and Assurance (ICSSA). IEEE, 49–53. DOI: https://doi.org/10.1109/ICSSA.2016.16
  118. Zhang, C., Peng, J., and Xiao, J. 2019. An advanced persistent distributed denial-of-service attacked dynamical model on networks. Discrete Dynamics in Nature and Society 2019. DOI: https://doi.org/10.1155/2019/2051489